Spyware.TotalSpy

Behavior

Spyware.TotalSpy is a spyware program that monitors user activity, including visited URLs and keystrokes, and captures screenshots.

Antivirus Protection Dates

Initial Rapid Release version
02 October 2014 revision 022

Latest Rapid Release version
01 February 2015 revision 020

Initial Daily Certified version
08 May 2006

Latest Daily Certified version
07 January 2013 revision 017

Initial Weekly Certified release date
10 May 2006

When Spyware.TotalSpy is first installed, it creates the following files:
C:\Program Files\TS Trial\conf.dat
C:\Program Files\TS Trial\ctfmon.exe
C:\Program Files\TS Trial\ver.dat

The risk also creates the following folders:
C:\Program Files\TS Trial\daily_log_files
This folder contains the log files for all the keystrokes logged.

C:\Program Files\TS Trial\daily_visited_urls
This folder contains the log files for all the URLs visited.

C:\Program Files\TS Trial\spy_screenshots
This folder may contain other folders which contain the screenshots taken by the threat.

The risk then creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"ctfmon.exe" = "C:\Program Files\TS Trial\ctfmon.exe"

The risk then monitors user activity on the compromised computer, logs keystrokes, and captures screenshots.
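
A check for the artifacts listed above, added here as an example and not part of the original write-up: it tests for the listed files and folders and inspects the current user's Run key for an autorun pointing into the install folder. The paths and registry key are taken from this page; the function name `Get-TotalSpyIndicator` is hypothetical.

```powershell
# Indicators are copied from the write-up; the function name is hypothetical.
$InstallDir = 'C:\Program Files\TS Trial'
$Artifacts = @(
    "$InstallDir\conf.dat",
    "$InstallDir\ctfmon.exe",
    "$InstallDir\ver.dat",
    "$InstallDir\daily_log_files",
    "$InstallDir\daily_visited_urls",
    "$InstallDir\spy_screenshots"
)
$RunKey  = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$RunName = 'ctfmon.exe'

function Get-TotalSpyIndicator {
    $hits = @()

    # Files and folders the risk creates on installation.
    foreach ($path in $Artifacts) {
        if (Test-Path -LiteralPath $path) {
            $hits += [pscustomobject]@{ Type = 'Path'; Name = $path; Data = ''; NameMatch = $false }
        }
    }

    # HKCU is per-user, so this only covers the account running the script.
    $key = Get-Item -LiteralPath $RunKey -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            # Match on the target path, not the value name: ctfmon.exe is also
            # the name of a legitimate Windows component.
            if ($data.Trim('"') -like "$InstallDir\*") {
                $hits += [pscustomobject]@{
                    Type = 'RunValue'; Name = $name; Data = $data
                    NameMatch = ($name -eq $RunName)
                }
            }
        }
    }
    return $hits
}

$results = Get-TotalSpyIndicator
if ($results) { $results | Format-Table -AutoSize }
else { 'No listed Spyware.TotalSpy artifacts found for this user.' }
```

Run it in the session of the user being checked, since the Run entry described above lives under that user's registry hive.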